Change subject: security: Add common boot media write protection
......................................................................
Patch Set 10:
That's because platform code decides when to lock down SPI flash and there's no guarantee it will happen in BS_POST_DEVICE. Locking it early here will brick the MRC cache...
But the MRC cache is also common code? So just pick the latest it can happen from there (looks like that's OS_RESUME_CHECK)? Sounds like this is something we should try to standardize now if it hasn't been before.
That doesn't work because on Intel the spibar is locked before DEV_INIT.
--
To view, visit
https://review.coreboot.org/c/coreboot/+/32704
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: Iceb3ecf0bde5cec562bc62d1d5c79da35305d183
Gerrit-Change-Number: 32704
Gerrit-PatchSet: 10
Gerrit-Owner: Patrick Rudolph
patrick.rudolph@9elements.com
Gerrit-Reviewer: Arthur Heymans
arthur@aheymans.xyz
Gerrit-Reviewer: Christian Walter
christian.walter@9elements.com
Gerrit-Reviewer: Frans Hendriks
fhendriks@eltan.com
Gerrit-Reviewer: Julius Werner
jwerner@chromium.org
Gerrit-Reviewer: Martin Roth
martinroth@google.com
Gerrit-Reviewer: Nico Huber
nico.h@gmx.de
Gerrit-Reviewer: Patrick Georgi
pgeorgi@google.com
Gerrit-Reviewer: Patrick Rudolph
patrick.rudolph@9elements.com
Gerrit-Reviewer: Patrick Rudolph
siro@das-labor.org
Gerrit-Reviewer: Philipp Deppenwiese
zaolin.daisuki@gmail.com
Gerrit-Reviewer: build bot (Jenkins)
no-reply@coreboot.org
Gerrit-CC: Aaron Durbin
adurbin@chromium.org
Gerrit-CC: Michael Niewöhner
Gerrit-CC: Paul Menzel
paulepanter@users.sourceforge.net
Gerrit-Comment-Date: Tue, 21 Apr 2020 08:01:17 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: No
Gerrit-MessageType: comment